According to a Dell threat report based on data collated and analysed throughout 2015 from the Dell SonicWALL Global Response Intelligence Defense network, 2015 was dominated by four cybersecurity trends, including revealing vulnerabilities with a popular encryption method. The report demonstrated that overall, there was a 73% rise in malware attacks last year.
HTTPS connections that use Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption steadily rose in 2015 however, the Dell report revealed a weakness that allows cybercriminals to hide malware from firewalls more frequently. Cyber attacks on SSL/TLS-encryption is successful because many existing network solutions are able to inspect this form of encrypted traffic, and if they can, their performance becomes unstable because it is low in ability. Dell recommend every organisation should carry out a security audit, upgrade security policies and next-generation firewalls, and train employees so they are aware of e-scams, suspicious websites and subsequent danger.
Another trend affects exploit kits – pre-packaged software systems that are able to infiltrate servers and automatically exploit any vulnerabilities – and it is these kits that allow cybercriminals to stay ahead of security measures. Dell advise that it is important to keep up-to-date with patches and implement a series of measures including isolating your network environment into zones, such as local-area, wireless-area and virtual local-area networks, using an intrusion-prevention system and a host-based antivirus system, and controlling scripts using browser plug-ins.
2015 showed an increase in Android malware, according to the Dell report, and that has a knock-on effect on heightening risk for the smartphone market in general. For example, Starfright was a major vulnerability which allowed attackers to send videos via text message that attacked Android’s mechanism for processing video files. For Android users, only install applications from trusted sources, enable remote wipe from the device, implement the option to verify applications that have been checked in system settings, and using extreme caution when connecting via a public Wi-Fi network.
Finally, Dell’s report noted that in 2015, malware attacks doubled to 8.19 billion in comparison to just 4.2 billion in 2014 – that’s a massive rise!
Curtis Hutcheson, General Manager of Dell Security, said: “Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not match these anomalies in their ecosystem.”
What is even more concerning is that the report predicted four more trends that are likely to emerge in 2016:
• Continued debate around the use of HTTPS encryption versus threat scanning.
• Growth in threats against Android Pay, a mobile-payment system.
• A reduction in Flash zero-day viruses due to major browser vendors, i.e. Mozilla and Google, ending their support for Flash plug-ins.
• The rise of hackers controlling cars remotely by attacking tools like Android Auto which allow mobile devices to run Android-operated systems to control automobiles via the dashboard.
Hutcheson added: “Each successful attack provides an opportunity for security professionals to learn from others’ oversights, examine their own strategies and shore up the holes in their defense systems.”